Renforcer la sécurité des infrastructures.
Add MFA, SSO and fine-grained access control in front of any app — no code changes required.
Authelia is an open-source authentication and authorization server that acts as a reverse-proxy companion. It intercepts every request to your apps and enforces your policy: one-factor login, two-factor (TOTP, WebAuthn/Passkeys), or bypass — based on domain, path, user group or network. Authelia itself handles the login portal; your app never needs to know it exists.
Deployed on a ServOrbit VPS, Authelia runs as a lightweight Go binary (~25 MB RAM) alongside a Redis session store. It integrates with Nginx, Caddy, Traefik and HAProxy as a forward-auth endpoint, and doubles as a full OpenID Connect (OIDC) provider, letting you add Single Sign-On across your entire self-hosted stack from a single configuration file. Apache 2.0 licensed, ~28 k GitHub stars.
Put Authelia in front of Grafana, Dockge, Gitea or any admin UI. Users authenticate once at your auth portal and are forwarded to any protected app without re-entering credentials.
Many self-hosted apps have basic password auth or none at all. Authelia adds TOTP or passkey authentication at the proxy layer — zero changes to the app, zero code to write.
Configure Authelia as an OIDC provider and connect Nextcloud, Gitea, Mattermost and more. One login session, all your apps — on infrastructure you own.
Guide optimisé pour les VPS Cloud ServOrbit.
Order a ServOrbit VPS with at least 1 vCPU and 512 MB RAM (1 GB recommended). Ubuntu 22.04 LTS is the recommended OS. A domain name pointing to this VPS is required — Authelia's session cookies and OIDC callbacks require HTTPS with a valid FQDN.
Create an A record for your auth subdomain, for example auth.yourdomain.com, pointing to the VPS IP. SSL is handled automatically by the ServOrbit reverse proxy using Let's Encrypt.
Select the Authelia template in the ServOrbit Marketplace. The provisioning job deploys the Compose stack (Authelia + Redis), generates all secrets, writes the initial configuration and creates the admin user. The portal is accessible at https://auth.yourdomain.com within minutes.
Add a forward_auth directive to the Nginx, Caddy or Traefik configuration of each app you want to protect. Authelia's documentation has copy-paste snippets for every major proxy. ServOrbit VPS instances ship with Caddy by default.
Log in to the Authelia portal with the default admin credentials, register your TOTP app (Google Authenticator, Ente Auth, Aegis…) or a passkey, then create additional users. Update access control rules in configuration.yml to enforce 2FA for sensitive apps and one-factor for others.
Self-hosted Bitwarden-compatible password manager written in Rust. All Bitwarden clients work out of the box — browser extensions, mobile apps, desktop — under 50 MB RAM.
Réseau & VPNVPN moderne, performant et minimal. Connexions sécurisées pour vos équipes et vos infrastructures avec une latence proche de zéro.
Déploiement Applicatif & DevOpsServeur web et reverse proxy moderne avec HTTPS automatique. Certificats SSL Let's Encrypt obtenus et renouvelés tout seuls, configuration minimale via Caddyfile.
Parcourez notre centre d'aide et notre FAQ, ou écrivez à notre équipe — support en anglais, français et arabe.